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Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1 )KI Responsive to communication(s) filed on 27 February 2009 . 
2a )^ This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) |EI Claim(s) 1,3-5, 8- 1 5, 29, 30 and 32-46 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) |EI Claim(s) 1,3-5,8-15,29,30 and 32-46 is/are rejected. 

7) 0 Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) Q The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

20 Certified copies of the priority documents have been received in Application No. . 

3.Q Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 

Response to Arguments 

Applicant's arguments filed 2/27/09 have been fully considered but they are not 
persuasive. Applicant argues that Whelan does not teach policies and only rules. The examiner 
respectfully disagrees, and asserts that this is a measure of semantics. The applicant admits as 
much by stating the present invention is directed to changing policies which will result in 
changes in rules. Examiner asserts that Whelan teaches a policy of open access, and if an 
intrusion is detected, it changes its policy to ban the specific client from the network. Whelan 
teaches changing the rules for this change in policy. 

Applicant argues that Wehlan does not teach saving/checking policies, but as stated 
above the policies are made up of rules, and Wehlan teaches storing rules. 

Applicant's arguments with respect to claims 4, and 32 have been fully considered and 
are persuasive 
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Claim Rejections - 35 USC §103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

Claims rejected under 35 U.S.C. 103(a) as being unpatentable over Whelan US 
2004/0003285. 

As per claims 1 , and 30, Whelan teaches establishing signal transfer policies for each of 
a plurality of interconnection devices of the network system (prevent network traffic flow from 
certain access points) [0039]. Whelan teaches monitoring the network for intrusions (determines 
whether authorized) [0036]. Whelan teaches changing one or more signal transfer policies of 
one or more of the plurality of interconnection devices in response to the one or more detected 
intrusions (if unauthorized disables or reroutes communications) [0039]. Whelan teaches 
allowing one or more users to access a selectable portion of network services based on a policy 
established in the connection devices (authorized devices are connected) [0024], [0046], [0047]. 

Whalen teaches excluding a policy enforcement module for effecting its own signal 
transfer policy changes via the fact that the instructions for change originate with the network 
monitor. 
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Whalen teaches identifying one or more sources of the intrusions including the physical 
or logical address (rouge access point) [0036] [0047]. 

As per claim 3, Whalen teaches identifying one or more sources of the intrusions 
including the physical or logical address (rouge access point) [0036]. 

As per claim 5,38 Whelan teaches employing an IDS (network monitor) [0024]. 

As per claim 8 Whelan teaches identifying one or more of the plurality of devices 
associated with the one or more sources of the intrusion including determining the addresses of 
the devices (reroutes other network devices to prevent traffic from rouge element) [0039]. 

As per claim 9, 29, 41 Whelan teaches verifying the identification of the source 
(verification of rouge access point) [0038]. 

As per claim 10, Whelan teaches the device to block access [0039]. 

As per claims 12, and 13 Whelan teaches configuring a first set of network devices with 
policy and after an intrusion configuring a second set of policy (normal behavior until an 
intrusion, and then blocking access) [0039] . 
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As per claim 14, 39 Whelan, teaches the device is a network entry device (access points 
connected to rouge mobile units) [0046]. 

As per claim 15, Whelan teaches configuring ports [0039], [0041]. 

As per claim 28, 40 Whelan teaches identifying the address of both the source and the 
network entry device (send instructions to the device to block the address of the source) [0047]. 

As per claim 33 Whelan teaches a directory service function for receiving address 
information (checks tables) [0034]. 

As per claim 34 Whelan teaches a policy manager function to configure devices [0039] 

As per claim 35 Whelan teaches utilizing the directory service to evaluate whether a 
policy change is required [0036]. 

As per claim 36, 37 Whelan teaches the system is centralized network monitor [001 1]. 

As per claims 42, and 44 Whelan teaches gaining access through the interconnection 
device to which they are connected [0024] 
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Claim 11 rejected under 35 U.S.C. 103(a) as being unpatentable over Whelan US 
2004/0003285 in view of Baffes US 2004/0111636 

As per claim 11, Whelan does not teach allowing activity and collecting forensic 
evidence. 

Baffes teaches allowing an intrusion to a honeypot in order to collect forensics evidence 
[0038]. It would have been obvious to one of ordinary skill in the art to use the method of Baffes 
in the system of Whelan in order to further investigate the source of intrusions. 

Claims 43, 45 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Whelan US 2004/0003285 in view of Day IS 2004/0025044 

As per claims 40, and 45, Whelan teaches a central policy server. 
Day teaches that a system may be centralized or distributed [0053]. 
It would have been obvious to one of ordinary skill in the art to replace the centralized 
server of Whelan with the distributed system of Day because it prevents failure at a single point. 

Allowable Subject Matter 



As per claims 4, and 32, 46 are objected to as being dependent on independent rejected 
claims, but would be allowable if rewritten in independent form including the limitations of all 
intervening claims 



Application/Control Number: 1 0/7 1 3 ,5 60 Page 7 

Art Unit: 2439 

Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to CHRISTOPHER J. BROWN whose telephone number is 
(571)272-3833. The examiner can normally be reached on 8:30-6:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kambiz Zand can be reached on (571)272-381 1. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Christopher J Brown/ 5/20/09 
Primary Examiner, Art Unit 2439 



